Redirecting output

**Rodrigo Dias Cruz** · Jun 27 '08, 07:08 PM

Re: Redirecting output

On Apr 20, 11:31 am, sheldonlg <sheldonlgwrote :

I generate a string in PHP with headers that write a file to the disk.
(the user is asked whether to open it or to save it).
>
Using AJAX, the string is written to the screen instead. What I would
like to know is how to redirect the output to not be to the screen but
to open the file (as it is without AJAX). For other output I direct the
output to a names <divtag to appear on the screen. How do I specify
the target here?

I'm not sure if I understood your question, but it seems you want to
use javascript to open and write a local file. Is that correct? If so,
then I must say that for security reasons, there is no way to open
local files using javascript in a web browser. At least, as far as I
know.

I don't know if it helps, but all you can do here, is send the data
from the client to the server and then write a file with that data 'on
the server'. On the client, I dont think it will be possible.

**sheldonlg** · Jun 27 '08, 07:09 PM

Re: Redirecting output

Rodrigo Dias Cruz wrote:

On Apr 20, 11:31 am, sheldonlg <sheldonlgwrote :

>I generate a string in PHP with headers that write a file to the disk.
>(the user is asked whether to open it or to save it).
>>
>Using AJAX, the string is written to the screen instead. What I would
>like to know is how to redirect the output to not be to the screen but
>to open the file (as it is without AJAX). For other output I direct the
>output to a names <divtag to appear on the screen. How do I specify
>the target here?

>
I'm not sure if I understood your question, but it seems you want to
use javascript to open and write a local file. Is that correct? If so,
then I must say that for security reasons, there is no way to open
local files using javascript in a web browser. At least, as far as I
know.
>
I don't know if it helps, but all you can do here, is send the data
from the client to the server and then write a file with that data 'on
the server'. On the client, I dont think it will be possible.

Yes, it is and I have done it (sending commands built in PHP).

What happens is that there is a pop-up that asks the user whether he
wants to open the file or save it. He can also cancel. This satisfies
the security question because the user must give permission. In PHP
this is accomplished with the following header calls:

header("Content-type: application/octet-stream");
header("Content-Disposition: attachment; filename=" . $excel_file_nam e);
header("Pragma: no-cache");
header("Expires : 0");

The result is as I stated above. I believe there are similar calls in
javascript, but I haven't used those before.

VK · Jun 27 '08, 07:09 PM

Re: Redirecting output

On Apr 21, 3:34 pm, sheldonlg <sheldonlgwrote :

What happens is that there is a pop-up that asks the user whether he
wants to open the file or save it. He can also cancel. This satisfies
the security question because the user must give permission.

Not in the default browser security model. In in the default browser
security model Javascript has no access to the local file system _of
any kind_ - that includes any kind of runtime dialogs to beg a
permission from the user. It is very smart way to do because the
practice proved that end users very rarely are able to make an
educated decision "allow/don't allow" for security sensitive question:
thus an additional protection level is needed. Respectively to get a
permission to ask for a permission the script has to be properly
signed first. There is a trick for IE and Firefox to get such pop up
for some runtime generated content:

http://groups.google.com/group/comp.lang.javascript/msg/38ab048d640b343b

I do expect that SaveAs exploit will be fixed sooner or later for IE -
if not already fixed. It also doesn't help for any other browsers
besides IE and Firefox.

This way just relax and use the standard age old server-side schema
which works just fine everywhere:

<form name="saver"
target="dumpste r"
action="pushbac k.php">
<input type="hidden" name="data" value="">
</form>
<iframe name="dumpster"
src="blank.html "
style="display: none !important"></iframe>

then in your script:

document.forms['saver'].data.value = currentValue;
document.forms['saver'].submit();

then on your server pushpack.php returns data with octet-stream header
to trig Save As dialog.

**Captain Paralytic** · Jun 27 '08, 07:09 PM

Re: Redirecting output

On 21 Apr, 12:34, sheldonlg <sheldonlgwrote :

Rodrigo Dias Cruz wrote:

>I'm not sure if I understood your question, but it seems you want to
>use javascript to open and write a local file. Is that correct? If so,
>then I must say that for security reasons, there is no way to open
>local files using javascript in a web browser. At least, as far as I
>know.

Yes, it is and I have done it

No you haven't.

(sending commands built in PHP).

See, this is not javascript.

What happens is that there is a pop-up that asks the user whether he
wants to open the file or save it. He can also cancel. This satisfies
the security question because the user must give permission.

Once again, no javascript

**Evertjan.** · Jun 27 '08, 07:09 PM

Re: Redirecting output

sheldonlg wrote on 21 apr 2008 in comp.lang.javas cript:

Rodrigo Dias Cruz wrote:

>On Apr 20, 11:31 am, sheldonlg <sheldonlgwrote :

>>I generate a string in PHP with headers that write a file to the
>>disk. (the user is asked whether to open it or to save it).
>>>
>>Using AJAX, the string is written to the screen instead. What I
>>would like to know is how to redirect the output to not be to the
>>screen but to open the file (as it is without AJAX). For other
>>output I direct the output to a names <divtag to appear on the
>>screen. How do I specify the target here?

>>
>I'm not sure if I understood your question, but it seems you want to
>use javascript to open and write a local file. Is that correct? If
>so, then I must say that for security reasons, there is no way to
>open local files using javascript in a web browser. At least, as far
>as I know.
>>
>I don't know if it helps, but all you can do here, is send the data
>from the client to the server and then write a file with that data
>'on the server'. On the client, I dont think it will be possible.

>
Yes, it is and I have done it (sending commands built in PHP).
>
What happens is that there is a pop-up that asks the user whether he
wants to open the file or save it. He can also cancel. This
satisfies the security question because the user must give permission.
In PHP this is accomplished with the following header calls:
>
header("Content-type: application/octet-stream");
header("Content-Disposition: attachment; filename=" .
$excel_file_nam e); header("Pragma: no-cache");
header("Expires : 0");
>
The result is as I stated above. I believe there are similar calls in
javascript, but I haven't used those before.

Yes there are, in serverside javascript [ASP-Jscript].

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

Redirecting output

Redirecting output

Comment

Comment

Comment

Comment

Comment